Hi Guys,
For my .NET application I have a mechanism that creates a special user on the local machine. I then create the Registry / Directory entries and assign this newly created user full access to the appropriate Sub Keys / Folders.
For my test I use impersonation to set up the environment to run under this new user, and then run some manipulations on the Registry / Directory sections.
I use the following code to create my registry section (Run as Admin):
RegistryAccessRule rule = new RegistryAccessRule(LOGON_USER_NAME, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow);
RegistrySecurity security = new RegistrySecurity();
security.AddAccessRule(rule);
//Create Test Sub Key in Registry with permissions for the MicaUser
root = Registry.LocalMachine.CreateSubKey(SUB_KEY_ROOT, RegistryKeyPermissionCheck.ReadWriteSubTree);
root.SetAccessControl(security);
RegistryKey key = root.CreateSubKey(SUB_KEY_DELETE, RegistryKeyPermissionCheck.ReadWriteSubTree);
root.Close();
key.Close();
Then when I attempt to manipulate the registry under an impersonated user:
RegistryKey root = Registry.LocalMachine.OpenSubKey(SUB_KEY_ROOT);
root.DeleteSubKeyTree(SUB_KEY_DELETE);
This causes a permissions exception "Cannot write to the registry key".
The directory manipulation is fine, and works as expected, however the registry permissions fail. I checked the registry and the user has been granted full permissions to the sub key.
Error: "Cannot Write to Registry Key"
NOTE: The registry manipulation works fine under an Admin user, so the code is correct.
Any thoughts?
Regards
Tris
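
Added example (not part of the original post, and not the poster's code): a console program that contrasts a read-only open with a writable open of a key that carries an explicit full-control ACE, and shows the ACE with `PropagationFlags.None` instead of the post's `InheritOnly`. Assumptions: HKCU and the current user stand in for HKLM and the dedicated account so it runs without elevation, the key names are constructed, and the ACL is applied through the `CreateSubKey` overload that takes a `RegistrySecurity`.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

static class RegistryAclDemo
{
    // Constructed names; HKCU stands in for HKLM so the demo runs unelevated.
    const string SubKeyRoot = @"Software\AclDemoRoot";
    const string SubKeyDelete = "DeleteMe";

    static void Main()
    {
        // Assumption: the current user stands in for the dedicated account.
        string account = WindowsIdentity.GetCurrent().Name;

        // PropagationFlags.None puts the ACE on the root key and its subkeys.
        // InheritOnly (as in the post) puts it on subkeys only.
        var rule = new RegistryAccessRule(account, RegistryRights.FullControl,
            InheritanceFlags.ContainerInherit, PropagationFlags.None,
            AccessControlType.Allow);
        var security = new RegistrySecurity();
        security.AddAccessRule(rule);

        // Remove leftovers from an earlier run, then create the key with the ACL.
        Registry.CurrentUser.DeleteSubKeyTree(SubKeyRoot, false);
        using (RegistryKey root = Registry.CurrentUser.CreateSubKey(
            SubKeyRoot, RegistryKeyPermissionCheck.ReadWriteSubTree, security))
        {
            root.CreateSubKey(SubKeyDelete).Close();
        }

        // OpenSubKey(name) returns a read-only RegistryKey: the delete is refused
        // by the RegistryKey object itself, whatever the ACL grants.
        using (RegistryKey readOnly = Registry.CurrentUser.OpenSubKey(SubKeyRoot))
        {
            try { readOnly.DeleteSubKeyTree(SubKeyDelete); }
            catch (UnauthorizedAccessException ex)
            { Console.WriteLine("read-only open: " + ex.Message); }
        }

        // Asking for write access at open time makes the ACL the deciding check.
        using (RegistryKey writable = Registry.CurrentUser.OpenSubKey(SubKeyRoot, true))
        {
            writable.DeleteSubKeyTree(SubKeyDelete);
            Console.WriteLine("writable open: subkey deleted");
        }
        Registry.CurrentUser.DeleteSubKey(SubKeyRoot); // clean up the demo key
    }
}
```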